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~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 



- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35U.S.C.§ 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

Responsive to communication(s) filed on 12 July 2004 . 
2a)IS This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
Disposition of Claims 

4) [3 Claimfs) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) |3 Claimfs) 1-20 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 19 September 2000 is/are: a)l3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)DAII b)\J Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 

Attachment(s) 

1) S Notice of References Cited (PTO-892) & 4) O Interview Summary (PTO-4 13) Paper No(s). . 

2) CH Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) \Z\ Notice of Informal Patent Application (PTO-152) 

3) [H Information Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) O Other: 
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DETAILED ACTION 
Response to Arguments 

1 . In response. to communications filed on 7/12/2004, applicant amends claim 1 and adds 
claims 15-20. The following claims 1-20 are presented for examination. 

2. The amendments to the specifications filed on 7/12/2004, have been considered and the 
objection has been withdrawn. 

2. 1 Applicant's arguments, pages 8-16, filed on 7/12/2004, with respect to the rejection of 
claims 1, 2, and 26, under 35 USC 102 (e) have been fully considered but are moot in view of the 
new grounds of rejection. Gaul, Jr. teaches assessing vulnerability of a workstation to a security 
compromise including authenticating the client before providing service. Johnson teaches a 
server providing service to a workstation using a browser interface and suggests that the 
invention can be applied to any services including networking and security problems, for 
example (column 6, lines 24-51). Therefore claims 1-20 are rejected under 35 USC 103 in view 
of these two references. 

Claim Rejections - 35 USC §103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
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patented and the prior art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the art to which said subject 
matter pertains. Patentability shall not be negatived by the manner in which the invention was 
made. 

3.1 Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
6,397,245 to Johnson, H et al in view of US Patent Publication US 2001/0034847 to Gaul, Jr.. 

3.2 As per claims 1, and 7, Gaul, Jr. discloses a computer-implemented process for 
assessing the vulnerability of a workstation to a security compromise comprises the step of: 
Gaul, Jr. discloses that the application can be external. To one with ordinary skill in the art, it is 
obvious that a request will be made from the user to the server, for example (see page 2, 
paragraphs 0014-0018). Gaul, Jr. discloses remote operation of completing a vulnerability 
assessment of the workstation that meets the recitation of transmitting a scanner from the 
network server to the workstation via the computer network, the scanner installable within the 
browser and operative to complete a vulnerability assessment of the workstation (see column 7, 
line 9 through column 9); and generating workstation credentials in response to the scanner 
conducting the vulnerability assessment of the workstation (see page 7, paragraphs 0073-0078). 
Gaul, Jr. also discloses using an Internet based aspect for the invention to perform vulnerability 
assessment. It is well known in the art various Internet applications to provide services from a 
server to a workstation as suggested by Gaul, Jr., for example (see page 2, paragraphs 0014- 
0018). Johnson, II et al, in an analogous art of providing services through the Internet, 
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discloses issuing a request for a scanner from a browser operating on the workstation to a 
network server via a computer network, for example (see column 9, line 50 through column 10, 
line 32). Johnson, II et al further discloses that the invention is not limited to the use of the 
examples provided and further discloses transmitting an application including plug-in module 
and Javascript from the server to the workstation the application installable to solve any 
problems including security and network and collecting data, that meets the recitation of 
transmitting a scanner from the network server to the workstation via the computer network, the 
scanner installable within the browser and operative to complete a vulnerability assessment of 
the workstation, for example (see column 11, line 40 through column 12, line 40 column 7, line 
35 through column 8, line 67; column 6, lines 24-51). Johnson, II et al also discloses that a 
service of that type provides various benefits such as ease of use and inexpensive, for example 
(see column 7, lines 35-65). Therefore, it would have been obvious to one of ordinary skill in 
the art at the time the invention was made to modify the method of Gaul, Jr. to provide an 
Internet based service which is easy to use and inexpensive as taught by Johnson, II et al.. 

As per claim 2, Gaul, Jr. discloses the limitation of further comprising the step of 
presenting the workstation credentials to the user of the workstation, for example (see page 7, 
paragraphs 0073-0078 and page 9, paragraphs 0115-0116). 

As per claim 3, Gaul, Jr. discloses the limitation of further comprising the step of 
transmitting the workstation credentials to the network server via the computer network, for 
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example (see page 7, paragraphs 0073-0078). 
Johnson, II et al). 



Page 5 

(See also column 10, lines 3-32 and abstract in 



As per claim 4, Gaul, Jr. discloses the limitation of further comprising the step of 
completing a repair operation by the scanner to address a security vulnerability identified by the 
scanner in response to completing the vulnerability assessment of the workstation (see page 2, 
paragraph 0018). 

As per claims 6, 9, and 14, Johnson, II et al discloses the limitation of wherein the step 
of issuing a request for a scanner comprises the browser issuing a request for a Web page at the 
network server, the Web page hosting the scanner as a plug-in control available for installation 
with the browser (see column 6, lines 24-52). These claims are rejected on the same rationale as 
the rejection of claims 1 and 7. 

Claims 8-10, and 17 recite the same inventive concept as claims 1, 6, and 7 except for 
authenticating the user or workstation to grant determine whether to grant access to service. 
Gaul, Jr. discloses this added limitation, for example on page 7, paragraphs 0073-0077 and page 
9, paragraphs 112-115). Therefore, claims 8-10 and 17 are rejected on the same rationale as the 
rejection of claims 1, 6, and 7. 



As per claims 11 and 13, claim 1 1 recites some of the limitations of the rejected claims 1 
and 8. Therefore claim 1 1 is rejected on the same rationale as the rejection of claims 1 and 8. 
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As per claim 12, Gaul, Jr. discloses the limitation of granting and denying access as 
discussed above. Claim 12 recites the same inventive concept as recited in claims 8-10 and 17 
except for using an Internet based system which also suggested by Gaul, Jr. and disclosed by 
Johnson, II et al. as disclosed in claims 1 and 7. wherein the step of issuing a request for a 
scanner comprises the browser issuing a request for a Web page at the network server, the Web 
page hosting the scanner as a control operable with the browser (see column 7, lines 40-44). 
Therefore, claim 12 is rejected on the same rationale as the rejection of claims 1 and 8-10 and 17. 

As per claims 15-20 discloses the limitation of receiving credentials associated with a 
user from a browser and authenticating the user based on the credentials, and further discloses 
that the invention can be Internet based, for example (see page 7, paragraphs 0073-0077 and 
claim 15). 

Conclusion 

4. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
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will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

4. 1 The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure as the art discloses the use of servicing workstations through browser application and 
identifying security vulnerabilities. 

US Patent: 6,429,952 Olbricht 

4.2 Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carl Colin whose telephone number is 571-272-3862. The 
examiner can normally be reached on Monday through Thursday, 8:00-6:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 



Carl Colin 




Patent Examiner 



November, 16, 2004 
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